Discover and read the best of Twitter Threads about #opsec


Now on the Green Room at #VB2019, @eldracote @anshirokova will present "Geost botnet. The discovery story of a new Android banking trojan from an OpSec error", a work also done with @MaryJo_E !
The Geost botnet was found by investigating the traffic of a different botnet: #htbot also known as proxyback. This htbot botnet offers a proxy service for users in the underground.
The Geost operators were using htbot to access the command and control servers from Geost (thinking they were hiding themselves).
Read 10 tweets
Spicci is back.

.@pewdiepiehoie => 1173023855239192576

Send him back to his hole.
@pewdiepiehoIe 2/

Just a reminder.

Doug Stewart is Spicci. He admits so on video. He posted it from his own YouTube account and linked it to Twitter.


.@realdougstewart => 935365484718931969

Spicci saying he is Doug Stewart
Read 23 tweets
A lightweight domain check in this malicious spreadsheet references the following protected cells:

A101 = ms
A102 = build
A103 = exe
A104 = C:\Users\Public\ptedcod.xml

A100 = MSBuild payload

Shellcode calls back to RFC1918
XLS upload fired on my #GuardrailsOfTheGalaxy VT hunting rules (23/58):…
Note the ⏱️ guardrail
I agree with @buffaloverflow's previous comments that these are very basic implementations of #T1480 Guardrails (that expose your targets).
@buffaloverflow @MITREattack Let me connect the dots:
@JohnLaTwC shared a sample "leav_blackboard_training.xlsm" in June 2018
• Document metadata aligns in both (Company=United States Army 😉) with different authors
• Syntax, builder (@infosecn1nja), and MSBuild payload overlaps
Read 4 tweets
There are so many things wrong with what the #USAF is doing here, that are very much not evident to the casual observer.

1) The RC-135 has changed its unique transponder number to 730000 (hex), an Iranian assigned code. So, the USAF is impersonating an Iranian plane.
2) As @GDarkconrad pointed out, this isn't an accident, the USAF did this with Venezuelan codes off the coast of #Venezuela too. US reconnaissance planes are impersonating the codes of the countries they are conducting reconnaissance on, endangering future civilian flights.
3) I'm waiting for someone to tell me it's for #OPSEC. Clearly that doesn't work, as Spanish and Canadian citizens have called them out while we're still in our PJs. The Iranians see them plain as day, they're only hiding their activities from the American (and world) public.
Read 8 tweets
PDF of newly unsealed affidavit in US v Julian Assange…
Manning testified that she did not know who she was chatting with from WikiLeaks in 2010, but DOJ says "evidence demonstrates" it was Julian Assange.
Read 6 tweets
UPDATE on the Indivisible Network account!🚨

I will lay out the following info: false claims of non profit status, FEC status, where their various donation buttons lead, the criminal background of the treasurer & their possible motives. THREAD #opsec #SCAM #SundayMotivation
Per FEC filings, this org is Turlock, CA:

The State of California Franchise Tax Board has downloadable lists of Exempt Organizations.

Indivisible Network PAC isn't listed.

They are *NOT* a non profit.

Per the FEC & OpenSecrets, the Indivisible Network PAC received 0 donations for the 2018 election cycle:

If they are getting donations, they aren't telling anyone how much, or what it's being spent on. #campaign #DarkMoney
Read 18 tweets
In view of some upcoming talks I am preparing, here is a thread with very basic #OPSEC tips for travel. I am not a guru of anything, and these recommendations may not work in your case, or may not be the most suitable ones. I hope they are useful to someone. Thread follows...
Do not announce your trip on social media, especially if you are traveling to areas with a high risk of kidnapping; if you want to send some photos, do it once you are back in your home country, however beautiful the place is. Do not flaunt jewelry or money under any circumstances.
If you can, prepare the trip in advance: visas, vaccinations, letters of invitation, etc. Think about which countries you have been to before and whether that could be a problem. Study the security risks in detail on the website of the Spanish Ministry of Foreign Affairs.…
Read 27 tweets
A few wks ago new words in the wordclouds of our domestic subset of #Hamilton68 Russian sympathizer accnts appeared on the topic of abortion. President Trump has been bleeding support among evangelicals & campaigns #walkaway & #buildthewall have proved ineffective #infosec #osint
It makes sense the #GOP would go back 2 their time tested political issue of abortion. And in this case push the most emotionally charged fringe like late-term abortions. The #Hamilton68 subset focused on Russian geopolitics showed a steady uptick around the topic #infosec #osint
We also looked at another #Hamilton68 subset that focuses on US Politics and contains a high level foreign sourced accounts & saw the same thing. This subset showed a dramatic increase in terms like abortion and late-term abortion. Something we've not seen before #infosec #osint
Read 8 tweets

A few days ago I requested a rug sample from a cute little online homewares retailer based here in Melbourne. They have really adorable stuff. They responded asking me to provide my credit card details for a security deposit. [1/23] #infosec #opsec
The PDF also requested a bunch of personal identification data such as name, age, and address. They wanted me to fill out the PDF and email it back to them. [2/23]
As the default s̶u̶c̶k̶e̶r̶ sys-admin for my parents and extended family, I've seen them become vulnerable to some pretty nasty phishing attacks and malware in recent years. Heck, I've been a target myself. [3/23]
Read 23 tweets
Finally we are able to analyze the most common URL use from a subset of #Hamilton68 accounts. Many many thanks to @Saill for all the scripting work on this. We now have a ton of additional data that can be analyzed. #infosec #opsec #osint
This is the top 25 URLs used by the #Hamilton68 subset of accnts focused on Russian Geopolitics. The most recent 3000 tweets from each of 125 accts were analyzed. 375000 tweets total. Fairly expected results & shows the prominence of Youtube & Facebook use. #infosec #opsec #osint
Further down the list in top 35-56 range revealed more interesting sites being used by these accnts. Ria(.)ru is a fairly new Russian media site housed at the same location as the Russian IRA troll farm. Stalkerzone is well known disinfo site #infosec #opsec #osint #hamilton68
Read 5 tweets
Words to live by.
tfw... you find the #opsec fail you've been waiting for.
Yea, so about that... 🎯
Read 3 tweets
Just ran our #Hamilton68 accounts and here are the top hashtags being promoted over the past 48 hrs by two of the main troll subsets. One focused on US politics and one focused on Russian geopolitics. No big surprise #CovingtonCatholic cracked the list #infosec #opsec #psyops
A friend helped do a quick analysis of last ~3000 tweets from 24 core #Hamilton68 accounts in my US domestic subset -- 73165 tweets in total. Here were the top accounts retweeted. We removed all known Hamilton68 accts from this list. Yellow are known/verified accts. Thx @saill
Guessing a lot of you will recognize some of the accounts on this list. Just because we haven’t been able to reverse engineer them as Hamilton68 accounts doesn’t mean there aren’t a few suspect ones on this list.
Read 12 tweets
Just before Christmas we looked at #Hamilton68 accounts who focus on Russian geopolitics and how they were stoking the #giletsjaunes conflict in France. We noticed a new hashtag #integrityinitiative (red arrow) .. #infosec #osint #opsec
We didn't think much about this over the holidays but revisited it in early January 2019. Turns out the #integrityinitiative had become even more prominent and prompted additional research .. #infosec #osint #opsec
We did a hoaxy analysis of the #integrityinitiative hashtag on January 5th and noticed two major nodes of well-known #Hamilton68 accounts .. @Ian56789 and @ShoebridgeC ... #infosec #osint #opsec
Read 10 tweets
A fascinating thread ...dont think 4 a minute that the only propaganda / misinformation campaigns come from Russia ... there are plenty of domestic operations going on right now. In this case a Wall Street Hedge Fund manager posing as a #Bernie2020 acolyte
As @HoarseWisperer alertly posted, this Hedge Fund manager is running a disinfo / troll campaign against @ewarren and her supporters. If ur reasonably intelligent, I think you can figure out why a wallstreet Hedge Fund manager might be behind promoting #Bernie2020 #infosec
No idea right now how much of the "we want Bernie" tweets to @ewarren are from trolls, cyborgs and bots. Guessing like ourselves lots of other groups are scrambling to collect the data for analysis. #infosec #opsec #osint
Read 8 tweets
#OPSEC mistakes by ex @CIA Kevin Mallory #spying for China, caught on CCTV having secret documents scanned to microSD card instead of doing it on his own cheap disposable scanner, useless non-destructive messages covert comms phone App, no #encryption…
#OPSEC #fail ex @CIA Kevin Mallory recruited to spy for #China #MSS via @LinkedIn profile openly pitching #NationalSecurity experience. N.B. all the risks of taking your phone to China, highlighted by US CI official also apply to foreigners visiting USA…
#Privacy activists need to learn from professional #espionage agents & #CounterIntelligence case #OPSEC techniques & failures - #China #MSS agent handlers were unprofessional in mobile #CovertComms & #MoneyLaundering - Kevin Patrick Mallory indictment…
Read 3 tweets
While this is probably a big 4chan joke ...I don't like to underestimate a disinfo campaign even if its a domestic 4chan trolling operation. Here is some #NPC background. I am also not one to suggest u put ur head in the sand & block these #infosec #opsec
As others have pointed out this appears to have developed much like Pepe the frog ...out of the 4chan netherworld of the internet. Reading the timeline of this fake account @BKrassenstein69 they are using to troll the real account @Krassenstein gives u the very racist flavor
Love the tool Hoaxy. Using it we were very quickly able to identify roughly 50 Twitter accounts all very related and most created this month. I am sure there are many more. #NPC #infosec #opsec
Read 14 tweets
On July 22nd Wikileaks released 22000 DNC emails that had been previously hacked by Russian GRU agents. On Oct 7th Wikileaks dumped hacked John Podesta emails soon after the seemingly damaging Access Hollywood tape came out where Donald Trump talked about sexual misconduct @ollie
3million tweets from the Russian Internet Research Agency were recently archived & made available by the site @fivethirtyeight. We wanted to look at particular hashtags related to Green Party Candidate Jill Stein and #DemExit… @ollie #infosec #osint #opsec
In the second wk of July 2016 #DemExit became a social media campaign & political movement in response to Bernie Sanders formally endorsing rival Hillary Clinton 4 president. Bernie Sanders supporters in particular were encouraged to leave the Democratic Party in protest #infosec
Read 14 tweets
So for the first time in quite a while a newcomer hashtag had top spot on the #Hamilton68 Dashboard -- #walkaway. We remembered seeing this hashtag in the past few weeks but didnt really know what it was or follow up on it. #infosec #opsec
The background story on this hashtag #walkaway is a little strange & the number of bots, trolls, & fake testimonial promoting this hashtag is even stranger. Here's an example of a completely fake tweet highlighted by @daveweigel #opsec #infosec
We decided to look retrospectively at our own reverse engineered #Hamilton68 data. This is a wordcloud of 22893 tweets from our main Hamilton68 troll subset going from June 24th until now & #walkaway takes the #1 spot. #infosec #opsec
Read 31 tweets
